On 1.9.2021, the Ackee Blockchain Security Team successfully completed an audit of Marinade Finance. What were our findings?

Marinade.Finance is a non-custodial liquid staking protocol on Solana, with a TVL of $1 billion at the time of writing. People stake their tokens using automated staking strategies and receive “staked SOL” tokens (mSOL) that they can use in DeFi or unstake at any time to swap back to SOL.

If you want to learn more about Marinade.Finance, please visit Marinade’s official documentation here.

A summary of the audit and its findings follows.

Our core audit methodology consists of:

  1. Technical specification/documentation – a brief overview of the system is requested from the client and the scope of the audit is defined.
  2. Manual code review – the code is checked line by line for common vulnerabilities, code duplication and adherence to best practices, and the code architecture is reviewed.
  3. Local deployment + hacking – the program is deployed locally and we try to attack the system and break it.

At the start of the auditing process, we defined the following main objectives of the audit:

  • Check the overall code quality. 
  • Make sure that nobody unauthorized can withdraw SOL or mSOL from the liquid pool.
  • Verify that only Marinade itself can mint tokens.
  • Check that only authorized entities can deploy the program to the Solana network.

Using our toolset and manual code review, we identified 4 low severity issues and 1 medium severity issue. None of the issues required immediate action.

Marinade’s team was helpful and cooperative throughout the auditing process. All imperfections in documentation and in commit culture were resolved quickly.

We were delighted to audit Marinade Finance, a liquid staking protocol on Solana, and we are looking forward to working with them again.

The full Ackee Blockchain audit report is here: https://marinade.finance/docs/AckeeBlockchain.pdf